top of page

***Open sessions can be viewed on YouTube by clicking their respective titles.***


Open Session

The Open Session is open to the local and international business communities for registration and will highlight panel discussions on some of the most relevant global 'privacy' topics.


Sunday, October 15th, 2023: Welcome Reception 

The Welcome Reception will feature an opening keynote address, panel discussion and a performance by the Gombeys.

6:00pm          Event Welcome


Blanca Lilia Ibarra - Commissioner and President, National Institute for Transparency, Access to Information and Personal Data Protection, Mexico

Rena Lalgie - Her Excellency the Governor of Bermuda

Alexander White - Privacy Commissioner for Bermuda



Dr. Charlotte Andrews - Head of Cultural Heritage, The Bermuda National Trust

6:30pm          Session 1:  Privacy Law Developments in the Caribbean Community 

Panel Lead/Moderators

Stewart Dresner Chief Executive, Privacy Laws & Business

Laura Linkomies – Editor, Privacy Laws & Business

We are delighted to welcome the GPA to our corner of the world with this regionally focused panel. In this session, our discussions will provide a round-up to compare and contrast current national privacy laws and issues in the Caribbean region, as well as exchange experience from new data protection authorities in small jurisdictions and from organisations facing compliance challenges. Join us to see how privacy and data protection rights are being built right now.



Dr. Patrick Anglin - DPO, The University of the West Indies, Jamaica

Lisa Greaves - Data Protection Commissioner, Barbados

Bartlett Morgan - Director of Chancery Advocates in Barbados

Dr. Marisa Stones - Cabinet Office, PATI/PIPA Unit - Government of Bermuda
Laura Schwartz-Henderson - Advocacy and Research Advisor, Internews, US

Michael Wright - Data Protection Commissioner, The Bahamas

7:45pm          Opening Reception

Hosted by The Office of the Privacy Commissioner for Bermuda

& Sponsored by Bacardi Ltd







Monday, October 16th, 2023 (9:00 am - 4:30 pm)            

9:00am           Opening Declaration/Introduction

9:05am           Welcome

The Hon. Vance Campbell, JP, MP - Minister of Tourism and Cabinet Office, Bermuda

9:15am           Advancing Technology Policy: A Fireside Chat with Deirdre K. Mulligan

Deirdre K. Mulligan - Principal Deputy U.S. Chief Technology Officer, Head of the White House Office of Science & Technology Policy (OSTP)’s Technology policy team
Jules Polonetsky - CEO, Future of Privacy Forum

9:45am           Coffee Break

10:00am         Session 2: Clear and Present Harms

Panel Lead/Moderator:

Commissioner Patricia Kosseim - IPC Ontario, Canada

What is privacy regulation supposed to achieve? How do we calibrate both the harms and benefits of data processing? Why does a reflection on the societal harms of technologies like AI matter? These are some of the questions to be discussed during this important session. Discussion will include the role of data protection authorities as front-line defense, as well as the reasonable, appropriate and fair use of data within the context it was intended.


John Edwards - Commissioner, ICO, UK

Kashmir Hill* - Technology Reporter, New York Times

Dr. Teresa Scassa - Canada Research Chair in Information Law and Policy, University of Ottawa
Rebecca Slaughter - Commissioner, Federal Trade Commission

Dr. Jeni Tennison - Connected by Data, UK
Zee Kin Yeong - Chief
Executive, Singapore Academy of Law

*pre-recorded contributor


11:15am         Session 3: What Can DPAs Learn from Other Regulators?

Panel Lead/Moderator:

Claudia Berg - General Counsel, ICO, UK

In this panel, we will explore the intersection of privacy and other regulatory spheres, such as competition law, to discuss the substantive or perceived tensions and synergies. This session will reference case studies that show ‘real world’ examples and talk about the practical realities and lessons for cooperation between different types of regulators that can provide mutual benefits in regulatory action.


Dr. Ana Brian Nougreres - Special Rapporteur on the right to Privacy, United Nations

Ulrich Kelber - Federal Commissioner for Data Protection and Freedom of Information, Germany

Jessica Rich - Kelley Drye & Warren
Ashkan Soltani - Executive Director, California Privacy Protection Agency


12:30pm         Lunch

Sponsored by IAPP

1:45pm          Session 4: Financial Services and Data Protection

Panel Lead/Moderator:

Vivienne Artz, OBE FCSI (Hon) – Strategic Advisor, Centre for Information Policy Leadership (CIPL)

This panel discussion will focus on the innovative privacy and data protection issues faces by the financial services industry. From anti-money laundering to Central Bank Digital Currencies, digital assets to the global inter-connectivity of financial services systems, this panel will explore how the personal information requirements of financial services can be successfully integrated with privacy and data protection responsibilities.


Lori Baker - Vice President - Legal and Director of Data Protection, DIFC

Jem Davis* - Data Protection Manager, Bank of England

Karamoko Dickens - Co-founder and C.E.O., Conci Bermuda Limited
Tami Dokken - Form
er Chief Data Privacy Officer, World Bank

Geoffrey Faiella - VP, Head of Legal & Regulatory Compliance, Clarien Bank Limited

Alessandra Pierucci - Garante Italia, and Coordinator of the EDPB Financial Matters Expert Subgroup

*pre-recorded contributor 

3:00pm          Coffee


3:15pm          Session 5: Shifting Focus - Looking Towards AI and Emerging Technologies

Panel Lead/ Moderators

Caitlin Fennessy – VP, Chief Knowledge Officer, IAPP

Brenda Leong – Partner, BNH, AI


Never before have emerging technologies had such a profound impact on privacy. This panel session will discuss the continued expansion of artificial intelligence systems, in particular Machine Learning systems, for an analysis of what DPAs must consider in order to evaluate "fair" outcomes, along with data protection requirements impacting AI and other emerging technologies. How can DPAs identify and address the risks around new AI applications? Does AI fit into existing regulatory models? Where do those models fall short, and what new oversight tools should be considered?


Dr. Halefom Abraha - Postdoctoral Researcher, Bonavero Institute of Human Rights, University of Oxford

Che Chang - General Counsel, OpenAI

Philippe Dufresne - Privacy Commissioner, Canada
Guido Scorza - Garante Italia

4:45pm          Exclusive side-event brought to you by Future of Privacy Forum


Public Data, Free For All? Global Advances in Protecting Publicly Available Personal Data

This side event explores the approaches of key jurisdictions around the world to protecting publicly available personal data, an issue which is now front and center to data protection and AI governance. Such data is an important source for training AI models and fueling machine learning. At the same time, publicly available personal data is also relied on by researchers to study disinformation and hate speech, manipulation of electoral processes, censorship across the web and so forth. Join us to discuss these questions, among others:

• What are the lawful grounds for collecting and processing personal data that is publicly available, considering these various competing interests?
• What is old and what is new in the legal issues around accessing and processing publicly available personal data, due to developments of AI? What are the lessons we can draw from decades of online search engines and access to public Information?
• What role does Data Protection/Privacy by Design play in how personal data is made publicly available and in how it is subsequently collected and accessed?



Jules Polonetsky - Chief Executive Officer, Future of Privacy Forum


Tobias Judin, Head of the International Department, Norwegian DPA
Pansy Tlakula, Chairperson of the Information Regulator of South Africa
Hielke Hijmans, President of the Litigation Chamber and Member Executive Board of the Belgian Data Protection Authority
Blanca Lilia Ibarra, President Commissioner, INAI Mexico

Tuesday, October 17th, 2023

8:30am           Session 6: Risk is our Business


Trevor Hughes – President and CEO, IAPP

Data protection authorities and organisations that use data must examine and understand risks in order to accomplish their respective missions while protecting the rights of individuals. In this panel, we will engage in a discussion on the nature of risk, how to quantify and explain risk, and how regulators can best set their expectations for risk-based decisions and identifying and mitigating harms in context of beneficial uses of data.



Mar España - Director, Spanish Data Protection Agency

Naomi Lefkovitz - Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce

Emma Martins - Data Protection Commissioner, Guernsey
Anu Talus - Commissioner Finland/ Chair of the European Data Protection Board (EDPB)

Suzanne Williams-Charles - Director of Policy and Regulation, ABIR


9:45am           Coffee


10:00am         Session 7: Indigenous Perspectives on Privacy


Commissioner Michael McEvoy – OIPC BC, Canada

Panel session designed to provide unique perspectives on data privacy and examine the alignment of non-traditional world views with the modern legal perspective on privacy and data protection.  Discussion will take a conversational approach and will include pre-recorded video perspectives regarding the most pressing privacy issues faced by indigenous peoples around the world. 


Dr Jonathan Dewar - First Nations Information Governance Centre (Canada)*

Mercy King'ori - Future of Privacy Forum 

Dr Tahu Kukutai - The University of Waikato*

Guest Speaker*

Prof Gehan Gunasekara - The University of Auckland

Josefina Román Vergara - Commissioner, Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, México
*pre-recorded contributor


11:15am         Giovanni Buttarelli Award 2023

Presented by EDPS and INAI


11:45pm         Lunch


1:00pm           Session 8: Data Transfer Mechanisms


Bojana Bellamy – President, CIPL

The panel will assemble experts to discuss the various global efforts to promote consistency and interoperability in data transfers. What do these efforts have in common? Where are the divergences? Our session aims to capture the momentum on various developments regarding international data transfers law, policy, and practice, and to discuss the shared path forward, in which we as a global community can encourage and offer practical solutions and best practices for enabling trusted and accountable data flows that benefit individuals, organisations, governments, and our digital societies and economies.


Beatriz de Anchorena - Director of AAIP, National Data Protection Authority, Argentina

Yuji Asai - Commissioner, Personal Information Protection Commission, Japan

Elizabeth Denham, CBE - Chief Policy Strategist, Information Accountability Foundation

Bruno Gencarelli - Head for International Affairs and Data Flows, DG Justice and Consumers, European Commission

Neema Singh Guliani - Deputy Assistant Secretary for Services, International Trade Administration, U.S. Department of Commerce

Alex Joel - Senior Project Director, American University of Washington College of Law

Immaculate Kassait - Data Protection Commissioner of Kenya


 2:15pm          Session 9: A Call to Action


Commissioner Alexander White – PrivCom, Bermuda


Teki Akuetteh - Founder & Executive Director, African Digital Rights Hub

Malcolm Crompton - Founder & Partner, IIS Partners

Eduardo Ustaran - Partner, Hogan Lovells

Wojciech Wiewiorowski - European Data Protection Supervisor

Zee Kin Yeong - Chief Executive, Singapore Academy of Law

Dr. Gabriela Zanfir-Fortuna - Vice President for Global Privacy, Future of Privacy Forum

3:30pm          Coffee

3:45pm          Exclusive side event hosted by the European Commission

International Cooperation in Action: The Role of the GPA



Delores Dozo 


International cooperation in data protection is a pre-requisite to respond to today’s integrated digital economy. As an influential and unique international forum, the GPA has played a key role in advancing international cooperation between regulators and beyond.
As the need for greater and more granular international cooperation continues to grow, this session will explore avenues for authorities, governments, and international bodies to “deliver” international cooperation in practice and work together for the advancement of modern data protection standards based on shared values as well as effective enforcement. In particular, as the GPA is taking stock of its achievements of the past years and preparing its new Strategic Plan, the discussion will explore how the GPA is uniquely positioned to support coordination for effective cooperation and enforcement in the digital age, including through exploring new avenues and identifying novel solutions.


Beatriz de Anchorena - Director of AAIP, National Data Protection Authority, Argentina; Member of GPA ExCo & Chair of GPA Strategic Direction Sub Committee
Cecilia Siu - Assistant Privacy Commissioner for Personal Data, Hong Kong
Gregory Smolynec - Deputy Privacy Commissioner, Canada
Ulrich Kelber - Federal Commissioner for Data Protection and Freedom of Information, Germany
Josefina Román Vergara - Commissioner, National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
Omar Seghrouchni - President of the National Commission for the Protection of Personal Data, Morocco
Alexander White - Privacy Commissioner, Bermuda


5:30pm          Exclusive side-event brought to you by META


AI and Society: Opportunities and Challenges for Responsible AI Development



Cecilia Alvarez - Director of Privacy Policy Engagement, EMEA, Meta


Artificial intelligence (AI) is rapidly transforming our world. From powering voice assistants to detecting fraud, AI is used in a wide variety of ways to improve how we live and work.

In addition to the flashy examples of AI, such as self-driving cars, facial recognition, or personalization, there are numerous other use cases of AI. In healthcare, AI is utilized to develop new drugs, diagnose diseases, and provide personalized care. In finance, AI is harnessed to detect fraud, manage risk, and make investment decisions. In education, AI is deployed to personalize learning, provide feedback, and grade assignments. In customer service, AI is in use to automate tasks, answer questions, and resolve issues. These are just a few examples of the many use cases for AI. As AI technology continues to develop, we can expect to see even more innovative and ground-breaking applications of AI in the years to come.

This panel will explore the many faces of AI. Experts will share how state of the art AI technologies generate impact in their respective sectors. The speakers will also discuss the ethical implications of AI and how to ensure that AI is developed in a responsible manner.


Gabriel Stefanini Vicente - Data Scientist at the Development Data Group, World Bank
Monika Tomczak-Gorlikowska - Chief Privacy Officer, Prosus Group
Teki Akuetteh - Founder & Executive director, Africa Digital Rights Hub

Wednesday, October 18th, 2023


10:00AM       Networking Break: Sponsored by CCS Group Limited

4:00pm          Report from the International Working Group on Data Protection in Technology (IWGDPT)



Ulrich Kelber - German Federal Commissioner for Data Protection and Freedom of Information, Chair and Secretariat for IWGDPT / "Berlin Group” 

- What is the IWGDPT / Berlin Group? Presentation by Ulrich Kelber, Chair IWGDPT / Berlin Group 

- What does the IWGDPT / Berlin Group do? Presentation by Sharon Azarya, PPA Israel on the "Smart Cities" Working Paper 

4:30pm          Exclusive side-event brought to you by CIPL





Responsible AI in Practice: Risk Assessments, Responsibility of Different Parties, and Transparency



Bojana BellamyPresident, CIPL

The era of artificial intelligence and machine learning is upon us with all its benefits and promises as well as risks and challenges. This event will explore a range of important questions associated with the responsible development and deployment of AI and consider concrete examples of current best practices and attempts to address the risks and challenges.

Thursday, October 19th, 2023

3:00PM         Open Side Event hosted by The Privacy Pro





A Practical Privacy Chat



Lauren Reid – Founder and Principal, The Privacy Pro

Join this informal, interactive conversation between peers and privacy leaders. The Privacy Pro will share:

• Our top 5 tips for effective collaboration between privacy and business
• Guidance for how to prioritize your time and energy for maximum impact and minimum stress
• Our favourite free privacy resources and guidance, and how we use them in our practice.

This event is open to anyone who wants to learn, share, and connect - no ticket required.

Location: Twain Boardroom – Hamilton Princess & Beach Club

Closed Session

The Closed Session is scheduled for Wednesday, 18th October through Friday, 20th October from 9:00am – 2:00pm daily and is available to GPA Membership only. Additional (closed) side events are listed below.
Note that supplementary events that are open to all attendees are listed above as part of the ‘Open Session’ Agenda, above.

Wednesday, October 18th, 2023

3:00pm          Closed Session Side-Event2023 GPEN Meeting: Enforcing against Deceptive Design Patterns



Christopher Moulder - Assistant Commissioner, Investigations, The Office of the Privacy Commissioner for Bermuda



Sharon Azarya
Guilherme Roschke
Brent Ho

Hannah McCausland

Thursday, October 19th, 2023

3:30pm           Managing Breach Notifications and Investigations (IEWG)



Brent Homan - Deputy Commissioner, Office of the Privacy Commissioner of Canada

IEWG Capacity Building Workshops provide authorities with a unique forum for exchanging experiences and perspectives on topics of particular interest to their operational and enforcement activities.
This year, the focus will be on “Managing Breach Notifications and Investigations”. Breaches 
require mandatory notification in many jurisdictions, while other jurisdictions are contemplating 
to amend their laws to include this important privacy protection mechanism. Whether an authority regulates in a mandatory regime or otherwise, managing breaches has been identified as a global challenge shared by all DPAs.

In this session, authorities from many parts of the world with different legal frameworks and 
resources will share their strategies to manage breach notifications and investigations. They will 
have the opportunity to share the corresponding challenges, potential solutions and practical 
examples and tools that participants can leverage to imp
rove and adapt their own processes.


Claudia Berg - The General Counsel, ICO, United Kingdom

Alejandro Londoño Congote - SIC, Colombia

Tobia Judin - Head of International Section, Datatilsynet Norway

Rachel Masterton - Deputy Commissioner, ODPA Guernsey

Sami Mohammed - Commissioner, ADGM, Abu Dhabi

John Henry D. Naga - Commissioner, NPC Philippines
Cecilia Siu - Assistant Privacy Commissioner, PCPD Hong Kong

5:00pm          The DPA STRAT Project

Learning from each other’s strategies and getting ready for the challenges and opportunities of 
digital regulation.


Steve Wood – Consultant, formerly UK ICO Deputy Commissioner
Marie Charlotte Roques-Bonnet – Consultant, formerly CNIL, Microsoft & Amazon
Seb Page – Consultant, formerly Deloitte

Join an experienced team of former industry leaders in a robust discussion about the initial 
findings of their self-funded research project into DPA strategies. There will be an opportunity to 
hear from senior leaders in DPAs who have led a strategy development process and a chance to share good practice, discuss challenges and opportunities.


LIGHTNING TALKS - ***Lightning Talks can be viewed on YouTube by clicking their respective titles.***

A series of informative and thought-provoking topics have been selected by the Programme Advisory Committee to be featured in short video recorded interludes throughout the programme agenda, a sample of topics and speakers are listed below:

FemTech - Ana Karen Cortés Viquez - Law and Technology International Consultant

How Artificial Intelligence Implicates Privacy - Prof Ryan Calo - Prof. of Law: University of Washington

Reading Minds: Neuro Privacy - Susie Alegre - author 'Freedom to Think'

What Data Protection is NotProf Dan Solove - George Washington University Law School, President and CEO TeachPrivacy

Perspectives on Ancestry and Genetic InformationDr. Tahu Kukutai - University of Waikato

The Thing Speaks for Itself: Case study in granting legal personality to inanimate objects -

Prof Gehan Gunasekara - University of Auckland Business School

Data Protection as a Corporate Social ResponsibilityProf/Dr Paolo Balboni - Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC), Maastricht University

PPC Japan Update on DFFT Efforts in G7Chairperson Mieko Tanno - PPC Japan

Identifying Dark Patterns - Dr. Luiza Jarovsky - Lawyer, Ph.D. researcher: Author of 'The Privacy Whisperer', and CEO at Implement Privacy

Political Targeting on the Internet Commissioner Meike Kamp - Berlin Commissioner for Data Protection

and Freedom of Information

Privacy Laws and EmploymentDuncan Card - Partner, Appleby (Bermuda) Limited

A Cannon-Shot Rule for DataCommissioner Alexander White - Privacy Commissioner for Bermuda

bottom of page